Black Hat DC 2011//Speakers

Hyatt Regency Crystal City
training: jan.16 - 17 | briefings: jan.18 - 19

Itzhak Avraham

Itzhak Avraham (zuk) is a Computer & Network Security Expert who has done a wide variety of vulnerability assessments. Itzhak worked at the IDF as a Security Researcher and later as Security Researcher Training Specialist. Itzhak has worked at top penetration testing/research companies in Israel. Proud owner of where he does freelance work for special pentesting/hacking/research/reverse engineering projects. He's interested in all hacking related topics and really dislikes writing about himself in the third person. Itzhak can be found on Twitter: @ihackbanme and on his personal hacking related blog at

Ryan Barnett

Trustwave's SpiderLabs Research Team

Ryan Barnett is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security, where he focuses on web application defensive research and serves as the ModSecurity web application firewall project lead. In addition to his work at Trustwave, Ryan is also a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. He is also a Web Application Security Consortium (WASC) Member, where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects, and is the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache and is a frequent speaker at industry conferences such as Blackhat and OWASP.

Dionysus Blazakis

Independent Security Evaluators (ISE)

Dion has been breaking software since 1994, playing with and Ralf Brown's Interrupt List. Somewhere along the way, he took a more respectable path and ended up a software developer. After years working on embedded devices, he left development to write long reports that no one reads (i.e. he's a consultant). As an analyst for Independent Security Evaluators, Dion "audits" the DRM systems used for small consumer devices. He spends the rest of his time reversing, bug hunting, and thinking about model checking. His relevant interests include compilers, operating systems, programming languages, and Minecraft.

Tom Brennan

Trustwave, SpiderLabs

Tom Brennan started with technology as a COSYSOP for an underground 8-bit BBS and writing code for fun when Pascal and CP/M were cool - "xyzzy". Builds enterprise networks like legos... and molds custom web applications like clay to meet defined project requirements.

Today, Tom is a Director of at Trustwave, SpiderLabs and volunteers his time to the Open Web Application Security Project as Global Board Director.

Andrew Case

Digital Forensics Solutions

Andrew Case is a security researcher at Digital Forensics Solutions where he is responsible for source code audits, penetration testing, and other computer security related tasks. He is also a GIAC-certified digital forensics investigator and has conducted numerous large scale investigations. Andrew's primary research focus is physical memory analysis, and he has published a number of peer-reviewed papers in the field.

Sean Coyne


Sean Coyne is a security consultant for MANDIANT, where he conducts penetration tests of networks and webapps, teaches cyber investigation to federal agents, and performs forensics investigations for government and commercial clients. Prior to this he has worked for an elite handful of security and consulting firms serving intelligence & defense clients here and overseas. Sean was one of the first graduates of Penn State’s Information Assurance program and is currently studying Intelligence Analysis at Mercyhurst College.

Adrian Crenshaw

Tenacity Solutions Inc

Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He's currently working on a Master's in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia.

Neil Daswani


Neil Daswani is a co-founder of Dasient, Inc., a security company backed by some of the most influential investors in Silicon Valley and New York. In the past, Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil co-founded the Stanford Center Professional Development (SCPD) Security Certification Program. He has published extensively, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University. Neil is also the lead author of Foundations of Security: What Every Programmer Needs To Know (published by Apress; ISBN 1590597842). More information about Neil is available at

Bruno Goncalves de Oliveira

Trustwave, SpiderLabs

Bruno Goncalves de Oliveira is a Security Consultant at Trustwave's SpiderLabs in the Network Penetration Test Team. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security, where he conducts penetration tests for premier clients. He holds some certs and a computer engineering degree from Universidade Norte do Paraná. He has spent over 10 years working, studying, and having fun with security, always focused on offensive tasks. The main focus of his work is network security and penetration testing, trying to figure out different, other, and more beautiful ways to attack systems. Part of these studies and works became talks at security conferences like SOURCE Barcelona (Spain), DEF CON 18 Skytalks (USA), HITBSecConf 2009 (Malaysia), Toorcon X (USA), YSTS 2.0/3.0 and H2HC IV/VI (Brazil & Mexico).

Mariano Nunez Di Croce


Mariano Nunez Di Croce is the Director of Research and Development at Onapsis. Mariano has extensive experience as a Senior Security Consultant, mainly involved in security assessments and vulnerability research. He has discovered critical vulnerabilities in SAP, Microsoft, Oracle and IBM applications.

Mariano leads the SAP Security Team at Onapsis, where he works on hardening and assessing the security of critical SAP implementations in world-wide organizations. He is the author and developer of the first open-source SAP & ERP Penetration Testing Frameworks and has discovered more than 50 vulnerabilities in SAP applications. Mariano is also the lead author of the "SAP Security In-Depth" publication and founding member of BIZEC, the Business Security community.

Mariano has been invited to hold presentations and trainings at many international security conferences such as BlackHat USA/EU, HITB Dubai/EU, DeepSec, Sec-T and Ekoparty, as well as to host private trainings for Fortune-100 companies and defense contractors. He has also been interviewed and quoted in mainstream media such as Reuters, IDG, NY Times, PCWorld and others.

Michael Eddington

Déjà vu Security

Michael Eddington is a senior security consultant with over ten years providing security services to Fortune 500 companies in the United States. Michael has extensive expertise in many areas of computer security, including application security, network security, threat modeling, and fuzz testing. Michael is an industry expert who routinely speaks and provides training at the top industry technical conferences including Blackhat and RSA.

Michael has worked for some of the leading security companies, including Leviathan Security Group and ISAG. Michael also founded the security services practice for IOActive, Inc. and co-founded the Security Services Center for Hewlett-Packard's services division.

Michael is an accomplished software architect and developer. Michael has worked on shipping products, from trading applications to designing and building numerous commercial web applications. Michael has also participated in a number of open-source security development projects ranging from threat modeling (such as the Trike threat modeling conceptual framework) to fuzzing (e.g. The Peach Fuzzer Framework).

Michael's research is currently heavily focused on fuzzing (fuzz testing), in which he is considered one of the foremost experts, having developed the industry leading open source fuzzing platform Peach. Peach is used by many top technology companies and most security consultancies to perform fuzzing. Michael is currently engaged in pushing fuzzing to the next level with new tools and techniques.

Marc Eisenbarth

HP TippingPoint DVLabs

Marc Eisenbarth recently noticed the word “Architect” has been appended to his business cards, and while not entirely sure what that means, he has continued to just do what he has been doing for the last five years, namely improving the HP TippingPoint Intrusion Prevention System (IPS) as a member of DVLabs’ Advanced Security Intelligence team. Prior to this, he managed “cyber liability” at a US defense contractor for five years and completed a graduate program at Columbia University in Computer Science. Off the clock, he is a “hardware guy” who enjoys releasing various do-it-yourself projects to the general public.

Chris Gates

Metasploit Project

Chris Gates (CG/carnal0wnage) is a member of the Metasploit Project and Attack Research. He enjoys business logic flaws, misconfigured databases and the occasional client-side attack. He has spoken at various other security conferences including BlackHat USA, Defcon, CSI 2009, Brucon, SOURCE Boston, Toorcon, Notacon, and Chicagocon.

Giovanni Gola

Giovanni Gola is a student at Politecnico di Milano in computer engineering. He used to spend his spare time doing math olympics in his youth. Nowadays he does networking consultancies for various Italian companies and in his spare time he likes playing the sax and studying network security.

Cassio Goldschmidt


Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec’s internal secure software development process, training, threat modeling and penetration testing. Cassio’s background includes over 13 years of technical and managerial experience in the software industry. During the seven years he has been with Symantec, he has helped to architect, design and develop several top selling product releases, conducted numerous security classes, and coordinated various penetration tests. Cassio is also known for leading the Open Web Application Security Project (OWASP) chapter in Los Angeles.

Cassio represents Symantec on the SAFECode technical committee and ISC2 in the development of the CSSLP certification. He holds a bachelor's degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master's degree in software engineering from Santa Clara University, and a master of business administration from the University of Southern California.

Joe Grand

Grand Idea Studio, Inc.

Joe Grand is an electrical engineer, hardware hacker, and president of Grand Idea Studio, Inc., where he specializes in the invention, design, and licensing of consumer products and modules for electronics hobbyists. He is a former member of the legendary hacker collective L0pht Heavy Industries and has spent over a decade finding security flaws in hardware devices and educating engineers on how to increase the security of their designs. Joe holds a Bachelor of Science degree in Computer Engineering from Boston University and a Doctorate of Science in Technology (Honorary) degree from the University of Advancing Technology.

Chris Hadnagy

Offensive Security

Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 13 years. Presently his focus is on the "human" aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics and also has had many articles published in local, national and international magazines and journals. He presently is the operations manager of Offensive Security and Offensive Security PWB Trainer and the lead developer of Social-Engineer.Org. He is the author of the book, Social Engineering: The Art of Human Hacking. Chris can be found online at and, Twitter as @humanhacker.

Rob Havelt

Trustwave, SpiderLabs

Rob Havelt is the director of penetration testing at Trustwave's SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing for premier clients. Rob has worked with offensive security seemingly forever, and from running a start-up ISP, to working as a TSCM specialist, he's held just about every job possible in the realm of system administration and information security.

Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life, Rob is, and will always be, a career hacker.

Vincenzo Iozzo

Zynamics GmbH

Vincenzo Iozzo is a student and a reverse engineer. At zynamics he does research on topics like vulnerability development, reverse engineering techniques and tools. Vincenzo is also a regular speaker at various international security conferences including Black Hat, EuSecWest and DeepSec on various reverse engineering topics. He is probably best known for having won the PWN2OWN contest together with Ralf-Philipp Weinmann with an exploit for iPhoneOS.

Ryan Kazanciyan


Ryan Kazanciyan is a Principal Consultant with MANDIANT and has specialized in incident response, forensic analysis, application security, and penetration testing for seven years. He has conducted intrusion investigations and remediation efforts for dozens of organizations in the defense industrial base, technology, and financial service sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware triage. He also has an extensive background executing penetration tests against Windows and Unix environments and "black-box" application security assessments. In addition, Mr. Kazanciyan has led training sessions on incident response, forensics, and penetration testing for audiences in law enforcement, the federal government, and corporate security groups.

Franklin D. Kramer

The Honorable Franklin D. Kramer is a national security and international affairs expert. Mr. Kramer has been a senior political appointee in two administrations, including as Assistant Secretary of Defense for International Security Affairs for President Clinton, Secretary Perry and Secretary Cohen; and, previously, as Principal Deputy Assistant Secretary of Defense for International Security Affairs.

Among his current activities, Mr. Kramer is the author of Cyber Security: An Integrated Governmental Strategy for Success, as well as the principal editor and chapter author for the book Cyberpower and National Security. Mr. Kramer is also the principal editor for, and co-author of the policy chapter of, the book Civil Power in Irregular Conflict. He is the co-author and was co-project director of Transatlantic Cooperation for Sustainable Energy Security, and of Central Europe and the Geopolitics of Energy. At George Washington University, he teaches a course on “The Department of Defense and Winning Modern War.” He has written numerous additional articles on international affairs, including in the cyber arena on “Cyber Influence and International Security,” “I-Power: The Information Revolution and Stability Operations,” and “Sweden’s Use of Commercial Information Technology for Military Applications.”

At the Department of Defense, Mr. Kramer was in charge of the formulation and implementation of international defense and political-military policy, with worldwide responsibilities including NATO, the Middle East, Asia, Africa and Latin America. He has been responsible for activities in Iraq, the Balkans and other areas involving the use of force as well as reconstruction efforts and humanitarian and disaster relief activities throughout the world. He has chaired numerous bilateral and multilateral groups including with many of the central and eastern European states; Israel, Jordan and Saudi Arabia in the Middle East; Pakistan and India in South Asia; and Japan and South Korea in East Asia; and led delegations to NATO, China, Singapore, Egypt, Nigeria and numerous others. He was the primary interface with U.S. Combatant Commanders, and in addition to leading the International Security Affairs Office, supervised the Defense Security Cooperation Agency, including the foreign military sales and foreign military assistance budgets; the NATO Defense Advisor’s Office; and the DOD POW-MIA.

In the non-profit world, Mr. Kramer is Vice Chairman of the Atlantic Council, a Distinguished Fellow at CNA which operates the Center for Naval Analysis and the Institute for Public Research, is chairman of International Advisory Committee and has been chairman of the board of the World Affairs Council of Washington, D.C.; and is a Capstone Professor at the Elliott School of International Affairs, George Washington University, and has been a Distinguished Research Fellow at the Center for Technology and National Security Policy of the National Defense University. In the private sector, Mr. Kramer is a director and consultant and has been a partner at the law firm of Shea and Gardner.

Mr. Kramer received a BA cum laude from Yale University and a JD magna cum laude from Harvard Law School.

Jon Larimer


Jon Larimer is a senior researcher on IBM's X-Force Advanced Research team. Jon has been working in the security industry for over 12 years at companies including Internet Security Systems, nCircle Network Security, and now IBM. He has been involved in an array of security fields such as penetration testing, vulnerability research, security software development, and malware analysis.

Tarjei Mandt

Tarjei Mandt is a security researcher with Norman. He specializes in vulnerability research, operating systems security, and exploit mitigations. Recently, he has been doing extensive work on the Windows kernel and has reported several vulnerabilities.

Eric Michaud

i11 Industries

As an advocate and writer for the Journal of Interdimensional Intelligence and a Tesseract Traveller, Eric performs many forms of skullduggery, adventure, and escapades. In his downtime he has co-founded several companies and non-profits including Hac-DC and Pumping Station: One. Until most recently he has worked in an underground bunker somewhere in the Midwest for a shadowy government agency where his skills were put to use. Current projects are Self-Inflicted surveillance through GSM/Twitter/Web/etc and the results of it on the greater world. Want to know more? The arbiter known as web search can say. ;)

Laurent Oudot


Laurent is a French senior IT Security consultant, who founded TEHTRI-Security in 2010. Over the last 15 years, he has been hired as a security expert to protect and pentest networks and systems of highly sensitive places like the French Nuclear Warhead Program, the French Ministry of Defense, the United Nations, etc.

He has been doing research on defensive technologies and underground activities with numerous security projects handled, and he was a member of team RstAck and of the Steering Committee of the Honeynet Research Alliance. Laurent has been a frequent presenter or instructor at computer security and academic conferences like Cansecwest, Pacsec, Black Hat USA-Asia-Europe, Hack In The Box, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc.

Tom Parker


Tom Parker is the Director of Security Consulting Services at Securicon. Tom is recognized throughout the security industry for his research in multiple areas including adversary profiling and software vulnerability research & analysis. Tom has published over four books on the topic of information security including Cyber Adversary Characterization - Auditing the Hacker Mind and is a contributor to the popular Stealing the Network Series. Tom is a frequent speaker at conferences including a past speaker at Blackhat. Tom often lends his time to guest lecturing at Universities, involvement in community research initiatives, and is often called to provide his expert opinion to mass media organizations, including BBC News, CNN, and online/print outlets such as The Register, Reuters News, Wired and Business Week.

David Perez


David Perez is a senior security analyst with Taddong, a security research & consulting company he co-founded in 2010. He has more than 10 years of experience delivering advanced security services to domestic and multinational clients, including several Fortune Global 500 companies. He is deeply involved in Taddong's research activities in security areas like GSM/UMTS mobile communications or Windows security. He is also co-author and instructor of Taddong's training course "Security in GSM/GPRS/UMTS Mobile Communications."

Jose Pico


Jose Pico has 12 years of experience working for multinational companies, touching nearly every aspect of IT technologies, from operating systems support to leading the IT systems infrastructure of a telco company. In the latter years, he has focused his activity in the security field, and in 2010 he co-founded Taddong, a security research and consulting company. He delivers security services and training, and performs research activities. He has co-authored the Wireshark SMB export plugin and the "Security in GSM/GPRS/UMTS mobile communications" course.

Debora Plunkett

National Security Agency

Debora Plunkett serves as Director of the Information Assurance Directorate (IAD) at the National Security Agency. On behalf of the Director, NSA, the IAD is the focal point for Cyber Security, Cryptography, and information systems security for all national security systems. Specific responsibilities include research and development activities to generate IA techniques and solutions, ensuring the availability of IA products and solutions and understanding the threat to and vulnerability of national security systems.

Prior Positions:

From August 2008-May 2010, Ms. Plunkett served as the Deputy Director Information Assurance. She has also served in various leadership positions in the Signals Intelligence Directorate, to include Assistant Deputy Director for Customer Relationships, where she was responsible for guiding the development and implementation of the strategic direction for the Customer Relationships Directorate (CRD) and the Chief of the Technical SIGINT and Information Operations Group within the Analysis and Production/SIGINT Directorate where she managed SIGINT production and requirements. Mrs. Plunkett also served as a Director on the National Security Council at the White House. In this capacity, she led the development and coordination of national policy on critical infrastructure protection and cyber security issues.


Mrs. Plunkett graduated from Towson University in 1981 with a Bachelor of Science degree in Natural Science. In 1999 she was awarded a Master of Science in Business Administration from Johns Hopkins University. She is a 2002 graduate of the National War College where she was awarded a Master of Science in National Security Strategy. Mrs. Plunkett completed the Executive Development Seminar in 1998, the IC EXCEL Seminar in 2004, and the IC Intelligence Fellows Program in August 2005, and the Harvard Law School program in Conflict Management and Negotiations in 2009.

Professional Background:

Mrs. Plunkett earned certification as a Traffic Analyst in 1987 and in 1993 was certified as a senior member of the Intelligence Analysis technical track. In 1995, she was awarded an NSA Graduate Fellowship, which was used to pursue advanced studies in management at the Johns Hopkins University. She completed the Senior Leadership Development Program at NSA in 2001 and was elevated to senior executive status in that same year. In 2007, Mrs. Plunkett was awarded the rank of Meritorious Executive in the Senior Cryptologic Executive Service by the President of the United States.

Personal Data:

A native of Baltimore, Maryland, Mrs. Plunkett enjoys genealogy, sports, reading, and spending time with her family. She and her husband, Roger, live in Ellicott City, Maryland and have a son and a daughter.

Alexander Polyakov

Digital Security Research Group

Alexander Polyakov is the CTO at Digital Security Research Group (department of Digital Security company). His expertise covers enterprise business-critical software like ERP, CRM, SRM, RDBMS, SCADA, banking and processing software. He found a lot of vulnerabilities in the products of such vendors as SAP and Oracle, and has made a lot of projects focused on special applications security in oil and gas, retail and banking sphere. He is the author of a book titled Oracle Security from the Eye of the Auditor: Attack and Defense (in Russian).

He is also the lead of OWASP-EAS, architect of ERPSCAN Security scanner for SAP, Expert Council member of PCIDSS.RU, QSA and PA-QSA auditor and one of the contributors to Oracle with Metasploit project. He is a speaker at HITB, Source, DeepSec, Confidence, Troopers and many Russian conferences.

Thomas Roth

Lanworks AG

Thomas Roth is a consultant for security and software engineering from Germany whose main interests are exploiting techniques, low-level programming languages and cryptographic algorithms. Recently he started implementing and optimizing hash algorithms like MD5 and SHA1 on GPUs, using the CUDA and the OpenCL frameworks. Some of his private work can be found on his blog or on Twitter (@stacksmashing).

Jordan Santarsieri


Jordan Santarsieri is a senior Onapsis security consultant and researcher. Being also a member of the Onapsis Research Labs, he is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting business-critical applications. Jordan has discovered critical vulnerabilities in SAP software and produced white-papers on the subject. Through his work, he has contributed to the security of Fortune-100 companies and defense contractors. His interests include penetration testing, exploit writing, forensics, data mining, psychology applied to information technology and playing with the toys lying around at the Onapsis playroom.

Jamie Schwettmann

i11 Industries, LLC

Jamie is a self-taught codeslinger, hardware hacker, social engineer, network analyst, and consultant for high performance, scientific, grid and cloud computing. Educated in research physics, classics and philosophy, and well practiced in the visual and physical arts with experience in a variety of materials and media, it seems that one lifetime might not be enough to satiate her limitless curiosity. Thus she has partnered with Eric Michaud as the Vortex Engineer of I11 Industries to explore the intricacies of physical security, and present some of them here for your benefit.

Val Smith

Attack Research

Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded Offensive Computing, a public, open source malware research project.

Angelos Stavrou

George Mason University

Angelos Stavrou is Assistant Professor in the Computer Science Department and a member of the Center for Secure Information Systems at George Mason University, Fairfax, Virginia. He received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D. (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from University of Athens, and a B.Sc. in Physics with distinction from University of Patras, Greece. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity with a focus on building and deploying large-scale systems. He is a member of the ACM, the IEEE, and USENIX. Contact him at

Matthieu Suiche


Matthieu Suiche is a security researcher who focuses on reverse code engineering and volatile memory analysis. His previous research and utilities include Windows hibernation file, Windows physical memory acquisition (Win32dd/Win64dd) and Mac OS X Physical Memory Analysis.

Matthieu has been a speaker at various security conferences such as PacSec, BlackHat USA, EUROPOL High Tech Crime Meeting, Shakacon etc. Prior to starting MoonSols in 2010, a computer security and kernel code consulting and software company based in France, Matthieu worked for companies such as E.A.D.S. (European Aeronautic Defence and Space Company) and the Netherlands Forensics Institute of the Dutch Ministry of Justice.

Bryan Sullivan


Bryan Sullivan is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.

Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on topics such as RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is also the coauthor of the book Ajax Security.

Zhaohui Wang

Zhaohui Wang is a senior Ph.D. student at George Mason University. His research mainly focuses on operating systems security and mobile security. Recently, he has been focusing on security research for the Android mobile operating system.

Matthew Weeks

Security Researcher

Matthew Weeks is a recent graduate of Cedarville University. He has performed research in mathematics in chaos and cryptology, and focuses on information security. He enjoys finding ways to break application security, writing shellcode, and creating post-exploitation techniques. Also known as scriptjunkie, he is a frequent contributor to the Metasploit framework. His interest in infosec led him to join the Air Force and he is currently an officer.

Ralf-Philipp Weinmann

University of Luxembourg

Ralf-Philipp Weinmann is a cryptologist by day, and a reverse-engineer by night. He has studied and obtained his Ph.D. at the Technical University of Darmstadt and is currently researching as a post-doc at the LACS laboratory of the University of Luxembourg.

Dino Dai Zovi

Trail of Bits LLC

Dino Dai Zovi is an independent security consultant at Trail of Bits LLC. As an independent security researcher, Mr. Dai Zovi has been discovering and exploiting security vulnerabilities in commercial software and presenting his research at conferences such as DEFCON and BlackHat for over a decade. He is a co-author of both The Mac Hacker's Handbook and The Art of Software Security Testing, as well as the winner of the first PWN2OWN contest at CanSecWest 2007.